Kessler Topaz is dedicated to providing secure, uninterrupted service to our clients and has implemented numerous measures to safeguard client transaction data. Highlights are as follows:
- Kessler Topaz’s Information Security controls are audited annually by a licensed CPA firm. The SOC 2 Type II audit report is available upon request.
- Kessler Topaz regularly performs external and internal audits to comply with the NIST Framework for Improving Critical Infrastructure Cybersecurity (NIST CSF).
- Kessler Topaz maintains an in-house IT department consisting of seven employees and led by Head of IT Andrew Wells, who alone has over 20 years of experience in the field.
- Kessler Topaz follows industry standards to protect both the physical security of our systems and network access to client transaction data.
- Kessler Topaz has designed a cutting-edge data analytics environment built on the Microsoft Technology Stack in conjunction with Qlik Sense for data visualization and discovery. Our data analytics environment leverages security, Microsoft Azure.
- Each client’s transaction data is logically separated from that of all other clients and is only accessible by Kessler Topaz’s 20-member, internal Portfolio Monitoring & Claims Administration Department.
- Client transaction data is encrypted both in transit and at rest, and user-level access controls are in place. Kessler Topaz provides an SFTP-enabled, FIPS 140-2 compliant server for our clients to transfer data securely. Kessler Topaz’s public PGP key is provided to clients to add a further layer of encryption to transaction data.
- Kessler Topaz regularly updates procedures and tests our ability to maintain services during and after disasters in order to minimize any impact on our clients. Transaction data is regularly backed up, and all servers and data are replicated from Microsoft’s US-East location to Microsoft’s US-West location using the Microsoft Azure Site Recovery service.
- To ensure our standards are met and to provide the most secure environment for our clients’ transaction data, Kessler Topaz partners with an outside security firm. Kessler Topaz’s security partner enhances our internal efforts with numerous services: Security Configuration Benchmarking, Quarterly Internal Vulnerability Assessment, Monthly External Vulnerability Assessment, SOC 2 Control Monitoring, SIEM (Security Information and Event Management), Phishing Simulation Testing, Annual Information Security Awareness Training, and Consulting in various areas including Risk Management and Legal and Regulatory Compliance such as GDPR.